Closed Bug 1701798 Opened 3 years ago Closed 2 years ago

Fix use of Fission-incompatible GetTopLevelContentDocument function in CanvasUtils::IsImageExtractionAllowed

Categories

(Core :: Graphics: Canvas2D, defect)

Product:
Core
Component:
Graphics: Canvas2D
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
98 Branch
Tracking Flags:
Tracking Status
firefox98 --- fixed

People

(Reporter: kmag, Assigned: tjr)

References

(Blocks 1 open bug)

Details

(Whiteboard: [not-a-fission-bug])

Attachments

(1 file)

Bug 1701798: Fix 3rd-party check in RFP's canvas algorithm r?kmag
48 bytes, text/x-phabricator-request
Details | Review

Under Fission, GetTopLevelContentDocument will return the farthest in-process ancestor document, meaning it will never see third-party ancestors at all.

The function should instead be using something like AntiTrackingUtils::IsThirdPartyWindow or mozIThirdPartyUtil::IsThirdPartyWindow (though the latter really needs to be updated to take an inner rather than an outer window), or just checking WindowContext::GetIsThirdPartyWindow() directly.

Blocks: rendering-fission
Fission Milestone: --- → M7a

Lee, please assign this to someone to be fixed for Fission M7a (Fx91). Thanks!

Flags: needinfo?(lsalzman)
Flags: needinfo?(lsalzman) → needinfo?(kmaglione+bmo)

Lee, why did you redirect NI to kmag? Kmag from the Fission team has found the issue. The module owner has to fix it though not kmag.

Flags: needinfo?(kmaglione+bmo) → needinfo?(lsalzman)

Essentially this code appears to more naturally fall under the provenance of the DOM team or potentially network/security team. They would probably be the most knowledgeable of how to fix it. Kris already had suggestions of what needed to happen, so he might be better suited to implement those suggestions. The code in question appears more security related than anything actually rendering related.

Ownership of canvas is a multi-team collaborative, and though the gfx team is a steward of the code in the current state of things, in the end the team best able to address the code is who should look at it. Maybe Jeff Muizelaar can offer suggestions about who best to work on this, as he was one of the original reviewers of the addition of that particular function.

Flags: needinfo?(lsalzman)

This is for RFP, where we probably do the wrong thing on RFP+Fission now.

Flags: needinfo?(tom)

I'll own it. I'm clearing the Fission milestone because RFP is an unsupported configuration and it shouldn't block or count towards Fission efforts.

Assignee: nobody → tom
Fission Milestone: M7a → ---
Flags: needinfo?(tom)
Whiteboard: [not-a-fission-bug]
Severity: -- → S4

Would this need to be backported to ESR 91? Does non-Fission mode in 91 have this bug?

Flags: needinfo?(kmaglione+bmo)
Pushed by tritter@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2b6c0cdb6c41
Fix 3rd-party check in RFP's canvas algorithm r=farre

https://hg.mozilla.org/mozilla-central/rev/2b6c0cdb6c41

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox98: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 98 Branch
Flags: needinfo?(tom)

I tested; doesn't need to be uplifted.

Flags: needinfo?(tom)
Flags: needinfo?(kmaglione+bmo)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: